Update-MgDomainFederationConfiguration
Update the navigation property federationConfiguration in domains
Syntax
Update-MgDomainFederationConfiguration
-DomainId <String>
-InternalDomainFederationId <String>
[-ActiveSignInUri <String>]
[-AdditionalProperties <Hashtable>]
[-DisplayName <String>]
[-FederatedIdpMfaBehavior <String>]
[-Id <String>]
[-IsSignedAuthenticationRequestRequired]
[-IssuerUri <String>]
[-MetadataExchangeUri <String>]
[-NextSigningCertificate <String>]
[-PassiveSignInUri <String>]
[-PreferredAuthenticationProtocol <String>]
[-PromptLoginBehavior <String>]
[-SignOutUri <String>]
[-SigningCertificate <String>]
[-SigningCertificateUpdateStatus <IMicrosoftGraphSigningCertificateUpdateStatus>]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgDomainFederationConfiguration
-DomainId <String>
-InternalDomainFederationId <String>
-BodyParameter <IMicrosoftGraphInternalDomainFederation>
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgDomainFederationConfiguration
-InputObject <IIdentityDirectoryManagementIdentity>
[-ActiveSignInUri <String>]
[-AdditionalProperties <Hashtable>]
[-DisplayName <String>]
[-FederatedIdpMfaBehavior <String>]
[-Id <String>]
[-IsSignedAuthenticationRequestRequired]
[-IssuerUri <String>]
[-MetadataExchangeUri <String>]
[-NextSigningCertificate <String>]
[-PassiveSignInUri <String>]
[-PreferredAuthenticationProtocol <String>]
[-PromptLoginBehavior <String>]
[-SignOutUri <String>]
[-SigningCertificate <String>]
[-SigningCertificateUpdateStatus <IMicrosoftGraphSigningCertificateUpdateStatus>]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgDomainFederationConfiguration
-InputObject <IIdentityDirectoryManagementIdentity>
-BodyParameter <IMicrosoftGraphInternalDomainFederation>
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Update the navigation property federationConfiguration in domains
Examples
Example 1: Update the federation settings for a federated domain
Update-MgDomainFederationConfiguration -DomainId 'contoso.com' -InternalDomainFederationId '2a8ce608-bb34-473f-9e0f-f373ee4cbc5a' -DisplayName "Contoso name change"This example updates the DisplayName setting.
Parameters
URL of the endpoint used by active clients when authenticating with federated domains set up for single sign-on in Azure Active Directory (Azure AD). Corresponds to the ActiveLogOnUri property of the Set-MsolDomainFederationSettings MSOnline v1 PowerShell cmdlet.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
internalDomainFederation To construct, please use Get-Help -Online and see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphInternalDomainFederation |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The display name of the identity provider.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
key: id of domain
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
federatedIdpMfaBehavior
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Identity Parameter To construct, please use Get-Help -Online and see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IIdentityDirectoryManagementIdentity |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
key: id of internalDomainFederation
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
If true, when SAML authentication requests are sent to the federated SAML IdP, Azure AD will sign those requests using the OrgID signing key. If false (default), the SAML authentication requests sent to the federated IdP are not signed.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Issuer URI of the federation server.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
URI of the metadata exchange endpoint used for authentication from rich client applications.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Fallback token signing certificate that is used to sign tokens when the primary signing certificate expires. Formatted as Base64 encoded strings of the public portion of the federated IdP's token signing certificate. Needs to be compatible with the X509Certificate2 class. Much like the signingCertificate, the nextSigningCertificate property is used if a rollover is required outside of the auto-rollover update, a new federation service is being set up, or if the new token signing certificate is not present in the federation properties after the federation service certificate has been updated.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
URI that web-based clients are directed to when signing in to Azure Active Directory (Azure AD) services.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Returns true when the command succeeds
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
authenticationProtocol
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
promptLoginBehavior
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. This property is used in the following scenarios: if a rollover is required outside of the autorollover update a new federation service is being set up if the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated. Azure AD updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Azure AD monitors the metadata daily and will update the federation settings for the domain when a new certificate is available.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
signingCertificateUpdateStatus To construct, please use Get-Help -Online and see NOTES section for SIGNINGCERTIFICATEUPDATESTATUS properties and create a hash table.
| Type: | IMicrosoftGraphSigningCertificateUpdateStatus |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
URI that clients are redirected to when they sign out of Azure AD services. Corresponds to the LogOffUri property of the Set-MsolDomainFederationSettings MSOnline v1 PowerShell cmdlet.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IIdentityDirectoryManagementIdentity
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphInternalDomainFederation
Outputs
System.Boolean
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphInternalDomainFederation>: internalDomainFederation
[(Any) <Object>]: This indicates any property can be added to this object.[IssuerUri <String>]: Issuer URI of the federation server.[MetadataExchangeUri <String>]: URI of the metadata exchange endpoint used for authentication from rich client applications.[PassiveSignInUri <String>]: URI that web-based clients are directed to when signing in to Azure Active Directory (Azure AD) services.[PreferredAuthenticationProtocol <String>]: authenticationProtocol[SigningCertificate <String>]: Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. This property is used in the following scenarios: if a rollover is required outside of the autorollover update a new federation service is being set up if the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated. Azure AD updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Azure AD monitors the metadata daily and will update the federation settings for the domain when a new certificate is available.[DisplayName <String>]: The display name of the identity provider.[Id <String>]:[ActiveSignInUri <String>]: URL of the endpoint used by active clients when authenticating with federated domains set up for single sign-on in Azure Active Directory (Azure AD). Corresponds to the ActiveLogOnUri property of the Set-MsolDomainFederationSettings MSOnline v1 PowerShell cmdlet.[FederatedIdpMfaBehavior <String>]: federatedIdpMfaBehavior[IsSignedAuthenticationRequestRequired <Boolean?>]: If true, when SAML authentication requests are sent to the federated SAML IdP, Azure AD will sign those requests using the OrgID signing key. If false (default), the SAML authentication requests sent to the federated IdP are not signed.[NextSigningCertificate <String>]: Fallback token signing certificate that is used to sign tokens when the primary signing certificate expires. Formatted as Base64 encoded strings of the public portion of the federated IdP's token signing certificate. Needs to be compatible with the X509Certificate2 class. Much like the signingCertificate, the nextSigningCertificate property is used if a rollover is required outside of the auto-rollover update, a new federation service is being set up, or if the new token signing certificate is not present in the federation properties after the federation service certificate has been updated.[PromptLoginBehavior <String>]: promptLoginBehavior[SignOutUri <String>]: URI that clients are redirected to when they sign out of Azure AD services. Corresponds to the LogOffUri property of the Set-MsolDomainFederationSettings MSOnline v1 PowerShell cmdlet.[SigningCertificateUpdateStatus <IMicrosoftGraphSigningCertificateUpdateStatus>]: signingCertificateUpdateStatus[(Any) <Object>]: This indicates any property can be added to this object.[CertificateUpdateResult <String>]: Status of the last certificate update. Read-only. For a list of statuses, see certificateUpdateResult status.[LastRunDateTime <DateTime?>]: Date and time in ISO 8601 format and in UTC time when the certificate was last updated. Read-only.
INPUTOBJECT <IIdentityDirectoryManagementIdentity>: Identity Parameter
[AdministrativeUnitId <String>]: key: id of administrativeUnit[AllowedValueId <String>]: key: id of allowedValue[AttributeSetId <String>]: key: id of attributeSet[CommandId <String>]: key: id of command[ContractId <String>]: key: id of contract[CustomSecurityAttributeDefinitionId <String>]: key: id of customSecurityAttributeDefinition[DeviceId <String>]: key: id of device[DirectoryObjectId <String>]: key: id of directoryObject[DirectoryRoleId <String>]: key: id of directoryRole[DirectoryRoleTemplateId <String>]: key: id of directoryRoleTemplate[DirectorySettingId <String>]: key: id of directorySetting[DirectorySettingTemplateId <String>]: key: id of directorySettingTemplate[DomainDnsRecordId <String>]: key: id of domainDnsRecord[DomainId <String>]: key: id of domain[ExtensionId <String>]: key: id of extension[FeatureRolloutPolicyId <String>]: key: id of featureRolloutPolicy[IdentityProviderBaseId <String>]: key: id of identityProviderBase[InboundSharedUserProfileUserId <String>]: key: userId of inboundSharedUserProfile[InternalDomainFederationId <String>]: key: id of internalDomainFederation[OrgContactId <String>]: key: id of orgContact[OrganizationId <String>]: key: id of organization[OrganizationalBrandingLocalizationId <String>]: key: id of organizationalBrandingLocalization[OutboundSharedUserProfileUserId <String>]: key: userId of outboundSharedUserProfile[ProfileCardPropertyId <String>]: key: id of profileCardProperty[RecommendationId <String>]: key: id of recommendation[RecommendationResourceId <String>]: key: id of recommendationResource[ScopedRoleMembershipId <String>]: key: id of scopedRoleMembership[SharedEmailDomainId <String>]: key: id of sharedEmailDomain[SharedEmailDomainInvitationId <String>]: key: id of sharedEmailDomainInvitation[SubscribedSkuId <String>]: key: id of subscribedSku[TenantReferenceTenantId <String>]: key: tenantId of tenantReference[UsageRightId <String>]: key: id of usageRight[UserId <String>]: key: id of user
SIGNINGCERTIFICATEUPDATESTATUS <IMicrosoftGraphSigningCertificateUpdateStatus>: signingCertificateUpdateStatus
[(Any) <Object>]: This indicates any property can be added to this object.[CertificateUpdateResult <String>]: Status of the last certificate update. Read-only. For a list of statuses, see certificateUpdateResult status.[LastRunDateTime <DateTime?>]: Date and time in ISO 8601 format and in UTC time when the certificate was last updated. Read-only.